saarg (posted January 17, 2021)

> 8 minutes ago, BTPBen said: but shouldn't I be about to access https://abc.def.ghi.jkl:xx443 even if the cert isn't any good?

No you can't, as nginx isn't started until you have a valid cert.

BTPBen (posted January 17, 2021)

> 10 minutes ago, saarg said: No you can't, as nginx isn't started until you have a valid cert.

So, at this point I am trying to figure things out. In my router I have configured port 80 and port 443 to forward to my UnRaid server on ports xx080 and xx443, which are the same ports as in my SWAG configuration. I am getting timeouts trying to renew my expired cert. I tried to telnet into unraid on xx080 and it tells me it cannot open a connection. If I can't establish the connection to the SWAG container, how can I renew my cert?

saarg (posted January 17, 2021)

> 1 hour ago, BTPBen said: So, at this point I am trying to figure things out. In my router I have configured port 80 and port 443 to forward to my UnRaid server on ports xx080 and xx443, which are the same ports as in my SWAG configuration. I am getting timeouts trying to renew my expired cert. I tried to telnet into unraid on xx080 and it tells me it cannot open a connection. If I can't establish the connection to the SWAG container, how can I renew my cert?

You have to fix your port forward or whatever it is that is blocking the connection.

_rogue (posted January 17, 2021)

So I have been banging my head off the wall trying to figure this out. I have searched this thread and Google as much as I can. I think I might just not have the right search terms to get the info I need (or something is not working right).

I am trying to get nginx to pass the real client IP to the backend. I cannot figure out for the life of me why it does not work. My proxy.conf is set to default right now, but I have tried every combination of settings I can think of. It appears that I am passing a list of IPs to the backend that includes both the reverse proxy and the client IPs, but apps are only reading the reverse proxy IP. I need to get it to pass just the client IP. How do I do this?

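Added example, not part of _rogue's post and not SWAG or nginx code: how a backend can pick the client address out of an `X-Forwarded-For` list like the one described above, by walking it from the right and skipping only proxies it trusts, so a value forged by the client is never accepted. The trusted network ranges, the sample addresses and the function names are assumptions made for illustration.

```python
import ipaddress

# Assumption (constructed values): networks whose hosts may append to
# X-Forwarded-For, e.g. the Docker network the reverse proxy sits on.
TRUSTED_PROXIES = [
    ipaddress.ip_network("172.18.0.0/16"),
    ipaddress.ip_network("127.0.0.0/8"),
]


def is_trusted(addr):
    """True when addr is inside one of the trusted proxy networks."""
    return any(addr in net for net in TRUSTED_PROXIES)


def client_ip(peer, xff_header):
    """Pick the client address from the TCP peer and X-Forwarded-For.

    peer is the source address of the connection; xff_header is the raw
    header value (or None). Both names are hypothetical.
    """
    peer_addr = ipaddress.ip_address(peer)
    # A header sent by an untrusted peer is client-controlled: ignore it.
    if not xff_header or not is_trusted(peer_addr):
        return str(peer_addr)
    hops = [h.strip() for h in xff_header.split(",") if h.strip()]
    # Entries are appended left to right, so walk from the right: skip our
    # own proxies and stop at the first address we do not control.
    for hop in reversed(hops):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: fall back to the peer, do not guess
        if not is_trusted(addr):
            return str(addr)
    return str(peer_addr)


if __name__ == "__main__":
    # Constructed sample: the client forged "10.0.0.1", the proxy appended
    # the address it actually saw (198.51.100.9).
    print(client_ip("172.18.0.2", "10.0.0.1, 198.51.100.9"))
```

An application that reads only the connection's peer address, or the last list entry without a trusted-proxy list, will report the reverse proxy's address, which matches the symptom in the post.
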
BTPBen (posted January 18, 2021)

> 10 hours ago, saarg said: You have to fix your port forward or whatever it is that is blocking the connection.

That's what I can't seem to figure out: what's blocking the connection. Based on the line below, if I open the UnRaid terminal, should I be able to telnet to port 180 on the UnRaid server and get a response from SWAG before I get a certificate?

    telnet 192.168.0.xxx 180

saarg (posted January 18, 2021)

> 5 hours ago, BTPBen said: That's what I can't seem to figure out: what's blocking the connection. Based on the line below, if I open the UnRaid terminal, should I be able to telnet to port 180 on the UnRaid server and get a response from SWAG before I get a certificate?
>
>     telnet 192.168.0.xxx 180

Follow this: https://blog.linuxserver.io/2019/07/10/troubleshooting-letsencrypt-image-port-mapping-and-forwarding/

BTPBen (posted January 18, 2021)

> 4 hours ago, saarg said: Follow this: https://blog.linuxserver.io/2019/07/10/troubleshooting-letsencrypt-image-port-mapping-and-forwarding/

Followed the guide, found out that my ISP is what's blocking port 80, and SWAG won't work if I set up a dynu port redirect to something like 40080. So I guess I will never get a certificate.

THF13 (posted January 18, 2021)

> 31 minutes ago, BTPBen said: Followed the guide, found out that my ISP is what's blocking port 80, and SWAG won't work if I set up a dynu port redirect to something like 40080. So I guess I will never get a certificate.

If you use DNS validation you only need 443; the only thing you really will lose is automatic http->https redirection. DuckDNS is free and supports DNS validation.

Abigel (posted January 19, 2021)

Hi,

Is authelia integrated in swag? I noticed that I have authelia files under /appdata/swag/nginx/: auhtelia-location.conf and authelia-server.conf

Konfitüre (posted January 19, 2021)

When I look at my certificate, all of my sub-domains are in there under "Alternative holder designations". Have I done something wrong? Shouldn't each subdomain have its own certificate?

saarg (posted January 19, 2021)

> 5 hours ago, Abigel said: Hi, Is authelia integrated in swag? I noticed that I have authelia files under /appdata/swag/nginx/: auhtelia-location.conf and authelia-server.conf

It's not integrated. It has the config files to use authelia. Follow the guide on our blog to set it up: https://blog.linuxserver.io

saarg (posted January 19, 2021)

> 5 hours ago, Konfitüre said: When I look at my certificate, all of my sub-domains are in there under "Alternative holder designations". Have I done something wrong? Shouldn't each subdomain have its own certificate?

It only creates one cert covering everything.

bombz (posted January 20, 2021)

Hello,

I have swag up and running and there have been no issues. However, recently I saw this pop up in the container log:

    [services.d] starting services
    [services.d] done.
    nginx: [alert] detected a LuaJIT version which is not OpenResty's; many optimizations will be disabled and performance will be compromised (see https://github.com/openresty/luajit2 for OpenResty's LuaJIT or, even better, consider using the OpenResty releases from https://openresty.org/en/download.html)
    Server ready

Has anyone run across this or can shed some light on this?

Thank you,

jademonkee (posted January 20, 2021; edited January 20, 2021 by jademonkee: typo)

I've been trying to search for a way to do this, but have come up empty-handed - probably because I haven't got the search terms quite right, so apologies if this has been covered before (as it almost certainly has).

I would like to access some internal-facing websites via SSL - ones that I do not want accessible from the internet, such as Unraid, and Unifi - but I can't find a guide to do this that doesn't also point them to the internet. What settings can I change to a) have them receive an SSL via certbot (or is my wildcard cert already covering them?) and b) to be accessible by https://subdomain.mydomain.com address, but only from my LAN?

Can someone point me to the right place that explains how I can do this? As I said before, I couldn't find it in the documentation mainly because I'm not quite sure what to search for.

Bonus points for help on how (if it's possible) to set up a cert + SSL for my pi-hole instance, which is running on a separate RPi, rather than an Unraid Docker.

Many thanks for your help.

jademonkee (posted January 20, 2021)

> 7 hours ago, bombz said: Hello, I have swag up and running and there have been no issues. However, recently I saw this pop up in the container log:
>
>     [services.d] starting services
>     [services.d] done.
>     nginx: [alert] detected a LuaJIT version which is not OpenResty's; many optimizations will be disabled and performance will be compromised (see https://github.com/openresty/luajit2 for OpenResty's LuaJIT or, even better, consider using the OpenResty releases from https://openresty.org/en/download.html)
>     Server ready
>
> Has anyone run across this or can shed some light on this? Thank you,

See the pinned notice at the top of the thread. Nothing to worry about.

crusemm (posted January 22, 2021)

Need help setting up swag for the first time. I have my own domain, and I have the DNS through my provider point the subdomains bitwarden.XXXX.xyz and nextcloud.XXXX.xyz at mydomain.duckdns.org. I currently have openvpn running, and when I go to my server address with openvpn enabled, it gets through to the server, so I'm pretty sure that the duckdns part is working. Not sure what I'm doing wrong.

Attachment: TS1 Log.txt

crusemm (posted January 22, 2021)

Ok, now openvpn isn't working either

ctietze (posted January 22, 2021; edited January 22, 2021 by ctietze: added info that command usually works)

I have trouble making outgoing connections from inside the Docker proxy net (not using the Unraid bridge).

- curl -I google.com works
- curl -I some.dyndns.for.same.lan fails (e.g. cloudpi.dns.navy, a test device on a Raspberry Pi)
- curl -I -x swag:80 some.dyndns.for.same.lan works

E.g. when I open the console for the SWAG container and try to access a Raspberry Pi that's connected to the web:

    # curl -Iv cloudpi.dns.navy
    * Trying 37.201.145.221:80...
    * Trying 2a02:908:4b60:a2e0:ba27:ebff:fe83:4fe:80...
    * Immediate connect fail for 2a02:908:4b60:a2e0:ba27:ebff:fe83:4fe: Address not available
    * Trying 2a02:908:4b60:a2e0:ba27:ebff:fe83:4fe:80...
    * Immediate connect fail for 2a02:908:4b60:a2e0:ba27:ebff:fe83:4fe: Address not available

This is puzzling me a lot. If you copy and paste the CURL command, you'll notice that this will work fine from a regular computer. (Maybe even from your own Unraid SWAG instance? Dunno)

If I define a proxy parameter in the request, this works out better:

    # curl -I -x swag:80 cloudpi.dns.navy
    HTTP/1.1 301 Moved Permanently
    Server: nginx/1.18.0
    Date: Fri, 22 Jan 2021 11:10:48 GMT
    Content-Type: text/html
    Content-Length: 169
    Connection: keep-alive
    Location: https://cloudpi.dns.navy/

The same -x parameter makes the CURL request reach the destination device from my SWAG container and my Nextcloud container.

I can't get it to work with a https:// URL when I specify swag:443 as the proxy. I get a 400 Bad Request by SWAG. Same for -x swag:443 https://google.com, so the port 443 forwarding isn't limited to my DynDNS.

I went down the CURL rabbit hole because my Nextcloud could connect to an instance I hosted on my web server, but not to the device with the dns.navy URL (it is in the same LAN). I don't know anybody with a DynDNS Nextcloud instance to try to figure out what may be going wrong.

Am I holding it wrong? Is there any other debugging tool for this I could use?

nslookup works, ping works, curl doesn't -- and to that extent connecting Nextcloud instances here doesn't work either.

Ryguy (posted January 22, 2021)

With the latest update, unfortunately all of my reverse proxies are no longer working. I have it configured to use my own domain, and there is a cname associated to each subdomain. My dynamic dns is resolved with DuckDNS, and I have all of the relevant containers set on proxynet along with the SWAG container.

My logs show that the Server is ready, however it is flagging that the Prox-conf files are out of date. Could this be causing the issue? Did the templates change materially? The containers in use are Bitwardenrs, Nextcloud, and OMbi.

crusemm (posted January 22, 2021)

So I got openvpn working again, but I still can't get the certificate to issue. I get the following error:

    Domain: bitwarden.XXXXX.xyz
    Type: dns
    Detail: DNS problem: NXDOMAIN looking up A for bitwarden.XXXXX.xyz - check that a DNS record exists for this

I have Gandi liveDNS set to redirect from bitwarden.XXXXX.xyz to XXXXX.duckdns.org using CNAME:

    NAME       TYPE   TTL    VALUE
    bitwarden  CNAME  10800  XXXXX.duckdns.org

abnersnell (posted January 22, 2021)

Can someone point me in the right direction on setting up PHP mail() function to work within SWAG? Is this something I should expect to work, or should I give up and use SMTP connectivity to Gmail, for example, to send email messages from a simple php script?

Thanks in advance,
Abner

alexandru360 (posted January 22, 2021)

> 2 hours ago, Ryguy said: With the latest update, unfortunately all of my reverse proxies are no longer working. I have it configured to use my own domain, and there is a cname associated to each subdomain. My dynamic dns is resolved with DuckDNS, and I have all of the relevant containers set on proxynet along with the SWAG container. My logs show that the Server is ready, however it is flagging that the Prox-conf files are out of date. Could this be causing the issue? Did the templates change materially? The containers in use are Bitwardenrs, Nextcloud, and OMbi.

Same with me ... I had my server down like for 3 weeks (I had my mainboard in the warranty) and everything worked: plex, gitea, sonarr, deluge, nextcloud ... finally I had all of them working and now all are down again.

Funny thing now, as an exception for other not working dates (misconfiguration of swag/pipeline until swag), is that swag is validating the certificate for everything, domain and the above mentioned subdomains, but I am still getting Bad Gateway ...

alexandru360 (posted January 22, 2021; edited January 22, 2021 by alexandru360)

> 22 minutes ago, alexandru360 said: Same with me ... I had my server down like for 3 weeks (I had my mainboard in the warranty) and everything worked: plex, gitea, sonarr, deluge, nextcloud ... finally I had all of them working and now all are down again. Funny thing now, as an exception for other not working dates (misconfiguration of swag/pipeline until swag), is that swag is validating the certificate for everything, domain and the above mentioned subdomains, but I am still getting Bad Gateway ...

After some further investigation I had these lines in my swag log:

    **** The following reverse proxy confs have different version dates than the samples that are shipped. ****
    **** This may be due to user customization or an update to the samples. ****
    **** You should compare them to the samples in the same folder to make sure you have the latest updates. ****
    /config/nginx/proxy-confs/sonarr.subdomain.conf
    /config/nginx/proxy-confs/plex.subdomain.conf
    /config/nginx/proxy-confs/openvpn-as.subdomain.conf
    /config/nginx/proxy-confs/nextcloud.subdomain.conf
    /config/nginx/proxy-confs/gitea.subdomain.conf

I will investigate and come back with results ...

alexandru360 (posted January 22, 2021)

> 5 minutes ago, alexandru360 said: After some further investigation I had these lines in my swag log:
>
>     **** The following reverse proxy confs have different version dates than the samples that are shipped. ****
>     **** This may be due to user customization or an update to the samples. ****
>     **** You should compare them to the samples in the same folder to make sure you have the latest updates. ****
>     /config/nginx/proxy-confs/sonarr.subdomain.conf
>     /config/nginx/proxy-confs/plex.subdomain.conf
>     /config/nginx/proxy-confs/openvpn-as.subdomain.conf
>     /config/nginx/proxy-confs/nextcloud.subdomain.conf
>     /config/nginx/proxy-confs/gitea.subdomain.conf
>
> I will investigate and come back with results ...

Nope ... I backed up all my configs, reset everything to default, cloned only deluge[...].conf and restarted swag, and for subdomains I get Bad Gateway ... If someone has an idea I'll be all eyes ...

Just a thought: I saw on another thread here a response from 2019 that Nerd Pack might interfere with swag "mojo" ... is this still the case?

Ryguy (posted January 23, 2021)

> 1 hour ago, alexandru360 said: Nope ... I backed up all my configs, reset everything to default, cloned only deluge[...].conf and restarted swag, and for subdomains I get Bad Gateway ... If someone has an idea I'll be all eyes ... Just a thought: I saw on another thread here a response from 2019 that Nerd Pack might interfere with swag "mojo" ... is this still the case?

I’m in the same boat. Same log warnings. Can’t figure this out at all.